Merge branch 'b-3.6.1' of ../kivitendo-erp_20220811

[mfinanz.git] / SL / Auth / DB.pm

package SL::Auth::DB;

use strict;

use Carp;
use Scalar::Util qw(weaken);

use SL::Auth::Constants qw(:all);
use SL::Auth::Password;
use SL::DBUtils;

sub new {
  $main::lxdebug->enter_sub();

  my $type = shift;
  my $self = {};

  $self->{auth} = shift;
  weaken $self->{auth};

  bless $self, $type;

  $main::lxdebug->leave_sub();

  return $self;
}

sub reset {
  # nothing to do here
}

sub authenticate {
  $main::lxdebug->enter_sub();

  my $self       = shift;
  my $login      = shift;
  my $password   = shift;

  my $stored_password = $self->{auth}->get_stored_password($login);

  # Empty password hashes in the database mean just that -- empty
  # passwords. Hash it for easier comparison.
  $stored_password    = SL::Auth::Password->hash(password => $stored_password) unless $stored_password;
  my ($algorithm)     = SL::Auth::Password->parse($stored_password);
  my $hashed_password = SL::Auth::Password->hash(password => $password, algorithm => $algorithm, login => $login, stored_password => $stored_password);

  $main::lxdebug->leave_sub();

  return $hashed_password eq $stored_password ? OK : ERR_PASSWORD;
}

sub can_change_password {
  return 1;
}

sub requires_cleartext_password {
  return 0;
}

sub change_password {
  $main::lxdebug->enter_sub();

  my $self       = shift;
  my $login      = shift;
  my $password   = shift;
  my $is_crypted = shift;

  my $dbh        = $self->{auth}->dbconnect();

  if (!$dbh) {
    $main::lxdebug->leave_sub();
    return ERR_BACKEND;
  }

  $password = SL::Auth::Password->hash(login => $login, password => $password) unless $is_crypted;

  do_query($main::form, $dbh, qq|UPDATE auth."user" SET password = ? WHERE login = ?|, $password, $login);

  $dbh->commit();

  $main::lxdebug->leave_sub();

  return 1;
}

sub verify_config {
  return 1;
}

1;